37d233f9acc0f86ce9e73251c85514a0caffad0a78ba21a5455db046f35a80a0

Analysis

max time kernel
1s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fbab9921aeaedf36c5db6baabc6136e.exe
Size

209KB
MD5

4fbab9921aeaedf36c5db6baabc6136e
SHA1

8474b78c295feaba2591925760f1491acec26fd8
SHA256

37d233f9acc0f86ce9e73251c85514a0caffad0a78ba21a5455db046f35a80a0
SHA512

a275a17545fe4faefbe941db1f5a6cbb514e0a98d3c9f21fa2cd0aad203e9dbef595a4f2fc8f1870ebab62f0fd84c1a8adad84692c9147aa0b9ee44ea0ee0b6b
SSDEEP

3072:EligYA4TY2XCKKD/mIxTyc4kDZFwPpDGCvc69okmR77HkjpdCD1yDy:Eli5I+CVDT94ktFMpyC0Jk2LkjpMA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4876	u.dll
464	mpress.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 1568	2252	4fbab9921aeaedf36c5db6baabc6136e.exe	20
PID 2252 wrote to memory of 1568	2252	4fbab9921aeaedf36c5db6baabc6136e.exe	20
PID 2252 wrote to memory of 1568	2252	4fbab9921aeaedf36c5db6baabc6136e.exe	20
PID 1568 wrote to memory of 4876	1568	cmd.exe	21
PID 1568 wrote to memory of 4876	1568	cmd.exe	21
PID 1568 wrote to memory of 4876	1568	cmd.exe	21
PID 4876 wrote to memory of 464	4876	u.dll	27
PID 4876 wrote to memory of 464	4876	u.dll	27
PID 4876 wrote to memory of 464	4876	u.dll	27
PID 1568 wrote to memory of 848	1568	cmd.exe	26
PID 1568 wrote to memory of 848	1568	cmd.exe	26
PID 1568 wrote to memory of 848	1568	cmd.exe	26

C:\Users\Admin\AppData\Local\Temp\4fbab9921aeaedf36c5db6baabc6136e.exe
"C:\Users\Admin\AppData\Local\Temp\4fbab9921aeaedf36c5db6baabc6136e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\4FF5.tmp\vir.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1568
- - C:\Users\Admin\AppData\Local\Temp\u.dll
    u.dll -bat vir.bat -save 4fbab9921aeaedf36c5db6baabc6136e.exe.com -include s.dll -overwrite -nodelete
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\50A0.tmp\mpress.exe
      "C:\Users\Admin\AppData\Local\Temp\50A0.tmp\mpress.exe" "C:\Users\Admin\AppData\Local\Temp\exe50A1.tmp"
      4⤵
      Executes dropped EXE
      PID:464
- - C:\Windows\SysWOW64\calc.exe
    CALC.EXE
    3⤵
    PID:848

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4FF5.tmp\vir.bat

Filesize
1KB

MD5
8115a59ab7c900ddf7b3784d27d6819d

SHA1
075dfde636f77b0d28327deb9cbe9dd45c399641

SHA256
8d114250d3860a8f85861e8febac6756b70d8c18d91816d170ba38b6f390de3e

SHA512
29036ce03380bdfe5519040544fb43a718f1fd2dc7530a9d808976d5da8f09ca06645c0bd5056cd6120e572e7b3e31c24bd03d98219135261e777c4c3859d4d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A0.tmp\mpress.exe

Filesize
1KB

MD5
118ea5a89a8339f2b622717d48f9285b

SHA1
af38929dcc57a7148af3372008a294a80f3635b4

SHA256
5cb9cef7fa6145284b1593f53f788c5897c8e046fc90943ece566812ef453c62

SHA512
a97715b5b53f060ac8d00b170de05198d03871b95b1a8a0afd7b552e1814d271d74d2d52b22d20542e69c4aac2232a03ae8597958902bd05047031bb1009cf1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\50A0.tmp\mpress.exe

Filesize
52KB

MD5
37778388c9033e5a43442b1822de1c97

SHA1
46f3efcc02e6529c5c275d868ca3859edb9bd183

SHA256
329a563fc82257117264426ded08a4edccadfd7ca639fe23d9313fd7190ee1fc

SHA512
071363f15bef098c0df6c8ac08c0cfce2ab0b4b28c7c54fe6d31dbe164aca36fdf471cc3995da5c409475d12c03339e7d99af284450eb6d6cfc9e3b180690d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe50A1.tmp

Filesize
33KB

MD5
5c29c9387c711994e4dde8bc49a184d0

SHA1
72794da807db50acc4f25851b88aecd5224af056

SHA256
d7e0c045a5b0236004f7992c1834ded248ea6e7fce613129363280fb3205fe09

SHA512
beb035d56682ad1e9cdc301086784e09f8ee3fe3ec0b4ddf59ec35d360adee3213c30dcce78c3f7e870bdbec30aaedf998d88bf898a41f316323f6bc2cede35b

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe50A1.tmp

Filesize
33KB

MD5
585a1cf34239f140c14f643febafed6c

SHA1
e62a3f2cf6cf8900eec8f0e092d1ca51d6864dc8

SHA256
62a26b9940f2a92b6c63e4f33b1b98f23629390184e0825cf9438351847a7664

SHA512
9ec98d56ef1249c9357e5761632de5e8c7ff1d2b52d197ff194bc45b40edbef05c96600aa899cf16847c0ac24cf740f7beb22d942413cc77b99b670bf62fc679

Download Submit
C:\Users\Admin\AppData\Local\Temp\exe50A1.tmp

Filesize
24KB

MD5
8c4bb4774bc8c5f06ff907bdeb1298a9

SHA1
da0f8151278a50f69dd270ec1e68fced19f3e414

SHA256
c1489e93207a2cdc0d0bde29749879ee513dc5687f425ffa7aedd8ad43fae0ec

SHA512
c9d859d5d33a2d82d2efa971dc1b55a62a3988214ee42467aea8b57c1ba975db14d37a9ada74f09593cfcae42fb61661d3ecc29aa76d8921e17a51bf714c2763

Download Submit
C:\Users\Admin\AppData\Local\Temp\s.dll

Filesize
64KB

MD5
960ed4ed404aaa84f491a6dbd0954263

SHA1
1a9d9c09e97eff39fcea870b3fe6e6fe1a220726

SHA256
9e727f8a4a13982c915a6527619a077166fb36eacdda912581c1808a620d519e

SHA512
49c5c9099cb7b9440338b7569c2f1bb960bef8363cb2785cc6c0d64b424827f92c01bb50a223c3cabdc6b40061886bcf43e52cd35320a3a7ea4dd2334e521ab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
101KB

MD5
1180a458fb4983924c3c8eb83df4ef8c

SHA1
688a672b9e9ec803187df1606f7004d2cd375be2

SHA256
825c61bb804219fd6684d234563e8585b40174bc9610ee0305eb4fdc749e9b47

SHA512
ef9e0f7d410d7b68c98a3bda5d1e130fa912acf225d4a758ad2f4d8a5198037ec2d5c8c8f3aea857155832b26ed8284b92df0c566cd50550137f158974d87506

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
1KB

MD5
9b960bd34b156ff4acfa2a14b6a9292c

SHA1
193729fb0475a0e31d89d47cb9bece778671415c

SHA256
5c516cd1a02ee440bbae6fc2349fd0bf6390988b8ec9213b3f8b8474940be2c1

SHA512
ab8492f570c3a8223931cf579b326fbb63919c6a2b025f3be847e83ae141a9b28c23834341331df4a1b0a5ab18097ca33308a99f3907c6d24feafdd7ca384358

Download Submit
C:\Users\Admin\AppData\Local\Temp\u.dll

Filesize
11KB

MD5
09c244910cbb2149ebff67abd8b38fa8

SHA1
681acc386366e1a5f420f02b09eda3214b76cc6d

SHA256
8d45600e656b65160687dff6809854b2599e93f1e4e1ed7f28cbe42470a976b6

SHA512
f63bab3791c268d6e2f16b6b26f0e6f40e81308c24f57a4f7dc1349333c746b65ec03e5054e894076c8c4a16e197c302d7ed357a6798f978a0ce191c99f49ee0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vir.bat

Filesize
2KB

MD5
e2bb0cbfacb12c4b7938feaea75e8eb9

SHA1
eaa8c398286f75131f8c4317267c71971d80d617

SHA256
8e6e1c721e60b7b72acd527cc62b21a3cacfa3af8919ee7a1f2baa634295cef0

SHA512
053e9391998d61bbdfe71bc7083a757ca4f23481e5d7e24ce2d5ecf276b72fc61346f5fc25735485e427b3f7372c1d1086d6686d3da8c494cf4fe6edae74d6c8

Download Submit
memory/464-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/464-62-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2252-1-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2252-0-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download
memory/2252-70-0x0000000000400000-0x00000000004BF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads